| | Transparently upgrading existing OAuth consumers to UAL without checking leads to issue in Fisheye | | | | | Unresolved | Nov 23, 2021 | Nov 23, 2021 | | |
| | As a support engineer I want the full exception and stack trace to be logged when the manifest couldn't be fetched so that I know what happened without having to ask the customer to enable debug logging and try again | | | | | Unresolved | Oct 14, 2021 | Oct 14, 2021 | | |
| | Fix incorrect html markup passed to jQuery methods (compatibility with recent security fix in jQuery) | | | | | Unresolved | Nov 18, 2020 | Mar 2, 2021 | | |
| | Unrecognized error while attempting to retrieve status of Application Link 'xxxx' | | | | | Unresolved | Nov 4, 2020 | Apr 7, 2021 | | |
| | Reduce logspam when oauth dance permissions are denied by the user | | | | | Unresolved | Oct 28, 2020 | Mar 29, 2021 | | |
| | 500 error when trying to view authorized applications in Bitbucket Server | | | | | Unresolved | Aug 25, 2020 | Aug 30, 2021 | | |
| | ApplicationLinkRequestFactory for should set follow redirects to false | | | | | Unresolved | Aug 23, 2020 | Sep 24, 2020 | | |
| | Applinks Plugin test is flaky against confluence server | | | | | Fixed | Jun 6, 2020 | Aug 2, 2021 | | |
| | Improve compatibility Matrix documentation | | | | | Unresolved | May 27, 2020 | Jun 21, 2020 | | |
| | OAuth 1.0a utilizing Jira Application Links: Port number on Host URL is not added to OAuth Signature Base String leading to Signature Invalid Error | | | | | Timed out | May 10, 2020 | Jul 6, 2020 | | |
| | Continue button when creating new applink is styled incorrectly | | | | | Unresolved | Apr 26, 2020 | Jun 21, 2020 | | |
| | Authorisation bypass in the ViewUpgrades resource - CVE-2019-20105 | | | | | Fixed | Mar 16, 2020 | Jun 21, 2020 | | |
| | CSRF in Atlassian Application Links plugin allows network enumeration - CVE-2019-20100 | | | | | Fixed | Feb 9, 2020 | Jun 21, 2020 | | |
| | Information disclosure in the listEntityLinks servlet resource - CVE-2019-15011 | | | | | Fixed | Dec 16, 2019 | Jun 21, 2020 | | |
| | Bump confluence version used in pom.xml | | | | | Unresolved | Oct 27, 2019 | Jun 21, 2020 | | |
| | Upgrade jackson-databind dependency to address CVE-2019-16942, CVE-2019-16943, CVE-2019-17531 | | | | | Fixed | Oct 27, 2019 | Jun 21, 2020 | Nov 26, 2019 | |
| | Remove applinks-plugin dependency on com.atlassian.confluence:confluence | | | | | Unresolved | Oct 10, 2019 | Jun 21, 2020 | | |
| | Display Jira workflows in Confluence | | | | | Answered | Sep 30, 2019 | Jun 21, 2020 | | |
| | Add explicit PermittedMethod calls for XWork Actions | | | | | Unresolved | Jul 25, 2019 | Jul 25, 2019 | | |
| | Setup SourceClear scan for Applinks to detect security threats early | | | | | Fixed | May 30, 2019 | Jun 21, 2020 | | |
| | Unnecessary bundling of swagger-core | | | | | Fixed | May 27, 2019 | Jun 21, 2020 | | |
| | Application links 5.4.x relies on com.fasterxml.jackson.core jackson-databind 2.9.3 which has CVE-2018-14721 vulnerability | | | | | Fixed | May 9, 2019 | Jun 21, 2020 | Jun 10, 2019 | |
| | Improve AppLinks compatibility across major versions of Atlassian products | | | | | Fixed | May 8, 2019 | Jun 21, 2020 | | |
| | XSS in the listApplicationLinks resource - CVE-2018-20239 | | | | | Fixed | Apr 28, 2019 | Jun 21, 2020 | | |
| | Link to OAuth troubleshooting documentation is broken within the product | | | | | Unresolved | Feb 19, 2019 | Jun 21, 2020 | | |
| | Manage Application Links should not allow admins to link applications using different auth methods | | | | | Unresolved | Nov 6, 2018 | Jun 21, 2020 | | |
| | Add Crowd web item link | | | | | Unresolved | Sep 14, 2018 | Feb 11, 2020 | | |
| | Update last remaining ADG 2.x icons | | | | | Fixed | Aug 20, 2018 | Jun 21, 2020 | | |
| | AppLinksManifestDownloader throws NullPointerException while loading manifest due to Null ContextClassLoader | | | | | Fixed | Jul 24, 2018 | Jun 21, 2020 | | |
| | XSS in the invalidRedirectUrl template through the redirectUrl parameter - CVE-2017-16860 | | | | | Fixed | May 13, 2018 | Jun 21, 2020 | | |
| | Application link status should reflect Bitbucket Server Smart Commit status | | | | | Unresolved | Apr 16, 2018 | Jun 21, 2020 | | |
| | XSS in various administrative application link resources through the display url of a configured application link - CVE-2018-5227 | | | | | Fixed | Apr 8, 2018 | Jun 21, 2020 | | |
| | Server Side Request Forgery(SSRF) in the oauth status rest resource in Atlassian Application Links - CVE-2017-18096 | | | | | Fixed | Mar 27, 2018 | Jun 21, 2020 | May 8, 2018 | |
| | Entity properties are not deleted when removing an applink | | | | | Fixed | Mar 13, 2018 | Aug 18, 2021 | | |
| | JS errors if lodash 4+ is supplied by the host app | | | | | Fixed | Nov 26, 2017 | Jun 21, 2020 | | |
| | Events should reach its destination even when BaseURL and ApplicationURL are not the same | | | | | Invalid | Nov 7, 2017 | Jun 21, 2020 | | |
| | Release to packages.atlassian.com | | | | | Fixed | Oct 6, 2017 | Jun 21, 2020 | | |
| | Analytics events for application link creation | | | | | Fixed | Oct 5, 2017 | Jun 21, 2020 | | |
| | Update logos of products in Applinks plugin | | | | | Fixed | Oct 5, 2017 | Jun 21, 2020 | | |
| | @PostConstruct job registration breaks on Confluence | | | | | Fixed | Aug 25, 2017 | Jun 21, 2020 | | |
| | Minor version bump to release new Analytics Tracking in applinks | | | | | Fixed | Jul 30, 2017 | Jun 21, 2020 | | |
| | The Oauth Impresonation should specify the exception with gadget | | | | | Unresolved | Jul 5, 2017 | Jun 21, 2020 | | |
| | application links pom.xml do not contain an XML header | |
Andy Brook [Plugin People] | | | Fixed | Jun 30, 2017 | Jun 21, 2020 | | |
| | Incomprehensible dialog when linking a JIRA Server Project to Bitbucket Server | | | | | Unresolved | Jun 6, 2017 | Jun 21, 2020 | | |
| | Move ApplinksStatusService and related types to API module | | | | | Unresolved | Jun 6, 2017 | Jun 21, 2020 | | |
| | The OAuthHelper in Applinks should safely create a document builder when consuming a client OAuth request - CVE-2017-18111 | | | | | Fixed | May 30, 2017 | Jun 21, 2020 | | |
| | Expose ApplinkStatusService to other plugins | | | | | Fixed | Mar 14, 2017 | Jun 21, 2020 | | |
| | Applinks compatibility request 5+ with 4.1- | | | | | Unresolved | Mar 5, 2017 | Jun 21, 2020 | | |
| | Implement a way of creating applinks using a single json string for ease of configuration | | | | | Fixed | Feb 27, 2017 | Jun 21, 2020 | | |
| | HostApplication methods called from applink should have possibility of triggering 404 | | | | | Unresolved | Feb 21, 2017 | Jun 21, 2020 | | |
